Overview

overview

10

Static

static

3

ee5cb738f9...18.exe

windows7-x64

10

ee5cb738f9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee5cb738f933fea4e1b0ec877e3f31de_JaffaCakes118

  • Size

    827KB

  • Sample

    240920-y6rq7swejc

  • MD5

    ee5cb738f933fea4e1b0ec877e3f31de

  • SHA1

    98f292fb73747590884949409d0dc7cd233ab2c2

  • SHA256

    bccc9e3d756a755324883a0587184066522a027831dc451f0ccdc9a4162c95a2

  • SHA512

    3eb19401cd7336d08073f00cba29000fc683e2c6a08161dfa484137f3ab051224d63d4f1313a96326d4630619734992ec090ce8454c5d02193d0198d4e813f3f

  • SSDEEP

    12288:abyF6l3CgdOyrhbBSvpNX6VkbWLYLPnAHizOS8RgV1ZEmKMOhqfJo1mJxRHHE6mx:abxfb276z3CSSJSM8qfJYOW

Score
10/10
snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

Malware Config

Extracted

Family

snakekeylogger

C2

https://api.telegram.org/bot1634002210:AAGipukUEr-bNBgl2R1_hwFgfb9ez_v6wzE/sendMessage?chat_id=1401219117

Targets

    • Target

      ee5cb738f933fea4e1b0ec877e3f31de_JaffaCakes118

    • Size

      827KB

    • MD5

      ee5cb738f933fea4e1b0ec877e3f31de

    • SHA1

      98f292fb73747590884949409d0dc7cd233ab2c2

    • SHA256

      bccc9e3d756a755324883a0587184066522a027831dc451f0ccdc9a4162c95a2

    • SHA512

      3eb19401cd7336d08073f00cba29000fc683e2c6a08161dfa484137f3ab051224d63d4f1313a96326d4630619734992ec090ce8454c5d02193d0198d4e813f3f

    • SSDEEP

      12288:abyF6l3CgdOyrhbBSvpNX6VkbWLYLPnAHizOS8RgV1ZEmKMOhqfJo1mJxRHHE6mx:abxfb276z3CSSJSM8qfJYOW

    Score
    10/10
    snakekeyloggercollectioncredential_accessdiscoverykeyloggerspywarestealer

    • Snake Keylogger

      Keylogger and Infostealer first seen in November 2020.

      stealerkeyloggersnakekeylogger

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks